TY - JOUR
T1 - Security of blockchain-based supply chain management systems
T2 - Challenges and opportunities
AU - Al-Farsi, Sana
AU - Rathore, Muhammad Mazhar
AU - Bakiras, Spiros
N1 - Publisher Copyright:
© 2021 by the authors. Licensee MDPI, Basel, Switzerland.
PY - 2021/6/2
Y1 - 2021/6/2
N2 - Blockchain is a revolutionary technology that is being used in many applications, including supply chain management. Although, the primary motive of using a blockchain for supply chain management is to reduce the overall production cost while providing the comprehensive security to the system. However, current blockchain-based supply-chain management (BC-SCM) systems still hold the possibility of cyber attacks. Therefore, the goal of this study is to investigate practical threats and vulnerabilities in the design of BC-SCM systems. As a starting point, we first establish key requirements for the reliability and security of supply chain management systems, i.e., transparency, privacy and traceability, and then discern a threat model that includes two distinctive but practical threats including computational (i.e., the ones that threaten the functionality of the application) and communication (i.e., the ones that threaten information exchange among interconnected services of the application). For investigation, we follow a unique approach based on the hypothesis that reliability is pre-requisite of security and identify the threats considering (i) design of smart contracts and associated supply chain management applications, (ii) underlying blockchain execution environment and (iii) trust between all interconnected supply management services. Moreover, we consider both academic and industry solutions to identify the threats. We identify several challenges that hinder to establish reliability and security of the BC-SCM systems. Importantly, we also highlight research gaps that can help to establish desired security of the BC-SCM. To the best of our knowledge, this paper is the first effort that identifies practical threats to blockchain-based supply chain management systems and provides their counter measures. Finally, this work establishes foundation for future investigation towards practical security of BC-SCM system.
AB - Blockchain is a revolutionary technology that is being used in many applications, including supply chain management. Although, the primary motive of using a blockchain for supply chain management is to reduce the overall production cost while providing the comprehensive security to the system. However, current blockchain-based supply-chain management (BC-SCM) systems still hold the possibility of cyber attacks. Therefore, the goal of this study is to investigate practical threats and vulnerabilities in the design of BC-SCM systems. As a starting point, we first establish key requirements for the reliability and security of supply chain management systems, i.e., transparency, privacy and traceability, and then discern a threat model that includes two distinctive but practical threats including computational (i.e., the ones that threaten the functionality of the application) and communication (i.e., the ones that threaten information exchange among interconnected services of the application). For investigation, we follow a unique approach based on the hypothesis that reliability is pre-requisite of security and identify the threats considering (i) design of smart contracts and associated supply chain management applications, (ii) underlying blockchain execution environment and (iii) trust between all interconnected supply management services. Moreover, we consider both academic and industry solutions to identify the threats. We identify several challenges that hinder to establish reliability and security of the BC-SCM systems. Importantly, we also highlight research gaps that can help to establish desired security of the BC-SCM. To the best of our knowledge, this paper is the first effort that identifies practical threats to blockchain-based supply chain management systems and provides their counter measures. Finally, this work establishes foundation for future investigation towards practical security of BC-SCM system.
KW - Blockchain
KW - Information security
KW - Privacy
KW - Supply chain
KW - Transparency
UR - http://www.scopus.com/inward/record.url?scp=85108845811&partnerID=8YFLogxK
U2 - 10.3390/app11125585
DO - 10.3390/app11125585
M3 - Article
AN - SCOPUS:85108845811
SN - 2076-3417
VL - 11
JO - Applied Sciences (Switzerland)
JF - Applied Sciences (Switzerland)
IS - 12
M1 - 5585
ER -